cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
MattDunn
Silver

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Thanks @PhoneBoy   Do you have access to anyone else within CP who could add more detail to this?  The customer in question moves very slowly so E80.40 will be GA by the time they get to using it, but I need to have the conversations now to get them on board, so I could really do with knowing exactly what this will provide in terms of management of Bitlocker, and also crucially to this conversation, will it offer me an easy(!) route to migrating from Bitlocker to CP FDE?  

0 Kudos
Employee
Employee

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution
Hi Matt,
I've contacted the relevant owner and will update soon with details regarding your question.
Would you like to enrol the Production EA program? we can schedule a phone call and discuss the details if you are interested.
0 Kudos
MattDunn
Silver

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Hi @David_Moss,

Thanks for your note.  I look forward to your further update.  At this stage I don't need to join the EA (the customer isn't interested in running on EA code) but more detail on what exactly it will do would be a great help 👍

0 Kudos
Employee
Employee

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution
No Problem. I'll keep you updated regarding your question, and please feel free to contact me if you have additional questions.
0 Kudos
Employee
Employee

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Hi,

Check Point Endpoint Security (client) will have BitLocker Management as an option in the
Full Disk Encryption Blade policy.


As you know, BitLocker is an integrated part of Windows. The Check Point BitLocker Management feature uses
the Endpoint Security Server, Client Agent and Management UI to manage BitLocker. TPM is required for Managed BitLocker.

 

Existing BitLocker Encrypted machines can be "taken over" and  put under Check Point Endpoint Security Management without being decrypted as long as the policy is using BitLocker Management. Recovery Keys and Data will then be uploaded to the Endpoint Management Server. 

Switching from BitLocker to Check Point FDE is easy, once the machines have been put under BitLocker Management. At least from a management perspective, just change the policy to use Check Point Full Disk Encryption. Note however that this operation will trigger a BitLocker decryption followed by FDE encryption. This re-encryption is a fairly long process and also leaves parts of the disk in clear text during the operation.

0 Kudos
MattDunn
Silver

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Thanks @FredrikG, that update is music to my ears 🙂  I will let the customer know and press ahead to get that deal.

0 Kudos
Highlighted

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

hello -- will R80.40 include the long-awaited in-place upgrade option for SmartConsole client?

Employee+
Employee+

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Unfortunately no ... to be included, we needed to finish the development by by now 

The good news is that the project is now under work and we have intention to include in R80.50

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Hello @Dorit_Dor , thanks for the insight on in-place upgrade for SmartConsole and R80.50 target.    Aren't we getting close to release of web-based policy mgmt (or is this R81)?

JozkoMrkvicka
Platinum

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

I second that.

We are living in a cloud world, so why we are forced to install the program on (and only on) Windows workstation in order to work with Check Point products. We need a web-based solution of management that can be placed into any Linux machine running Apache and accessed without the need to have a dedicated Windows machine where is installed only Check Point SmartConsole.

Kind regards,
Jozko Mrkvicka

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

at least it's not using Java like Cisco's ASDM; .NET is kinda awful though

0 Kudos
Duane_Toler
Nickel

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution
Indeed. I'd like a Mac client, tho. 🙂
0 Kudos
Duane_Toler
Nickel

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

You *really* don't want a web-based management.  You think you do, but you don't.  Look at Cisco's Firepower Management Center.  It's web-based.  It's awful.  They tried, and keep trying.  They got the right idea, but web-based is just awful (but it is "less bad" than ADSM).  Look at PAN, same thing.  Look at $OTHER_VENDOR, same thing. Web is awful.  It's an intrinsically asynchronous service.  It's not made for this.  You can make an asynchronous transport into a synchronous transport.  That pig won't stay on course when it's flying.

 

Meanwhile, Check Point gave out the APIs so you can roll your own $WHATEVER.  The management client in-place upgrade will be nice (I'm exhausted on the many times I've had to uninstall/reinstall for Endpoint management and HFA updates), but it's still the right thing.

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

@Duane_Toler  thanks for your input.  what specifically do you not like about PAN interface (specifically v8x or v9x)?  

Personally, I would like CP to continue to expand on their SmartView work with web-enabling common mgmt interfaces. HTML5 FTW!! 

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution
True story!
0 Kudos
CSR
Iron

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution
Completely agree with @Duane_Toler . Smart Dashboard is much much better than any Web-based management.
0 Kudos

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

I acknowledge and understand there are two primary camps are far ends of divide:  thick client and web-based mgmt.

Are the folks so enamored with thick client currently OK with fact no in-place client update is possible?    I had customer last week asking legitimate questions along lines of "checkpoint is billion dollar company and the mgmt client for the foundation product (a) doesn't do in place upgrade, and (b) un-install of Smartconsole loses all saved preferences and tweaks".    He had no other commercial mgmt tool that offered such a severe limitation.    @Dorit_Dor did mention that in-place update currently planned for R80.50 but that's another year+ away. 

It's unclear how current generation HTML5-based web interface would be any less functionality.   In addition, the numerous security professional using MAC laptops would be able to freely mgmt CP platform without frustrating need for virtualization and/or jump hosts.  

  My preference is CP makes a decision and sticks to it (ie. not doing both).    The current SmartView features bode well for HTML future... 

0 Kudos
Employee+
Employee+

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

The Management & SmartConsole are developed under my ownership, so I will try to answer:

1) It is definitely not OK that SmartConsole needs to be manually installed and uninstalled for getting fixes / updates. In the past when updates were infrequent, it may have been reasonable, but not today with the jumbo updates.

2) It is not OK that preferences are lost when updating SmartConsole.

3) We had some delays with the updatable SmartConsole development (mainly due to other high priorities that came in), so we are behind schedule for sharing it with the field during 2019. However, we are not waiting for the release of R80.50. The plan is to release another flavor of SmartConsole that will be auto-updatable during Q1. We will release it to versions that are already GA (such as R80.40 and R80.30). The new package will be available in parallel to the existing one, and customer will be able to choose the new flavor early if they wish.

Duane_Toler
Nickel

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution
This sounds really great! Looking forward to in-place client upgrades!
0 Kudos

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Sincere thanks @Tomer_Noy .   we appreciate the insight.  

Tags (1)
0 Kudos
Admin
Admin

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution
With the "as a service" trend continuing, I think it's safe to say web-based interfaces of some sort will be a thing.
0 Kudos
Blason_R
Silver

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Any improvements on EPM? Dont see any.

0 Kudos
RickHoppe
Silver

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Is there any news on the Public EA release date?

My blog: https://checkpoint.engineer
0 Kudos
Employee
Employee

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution
Hi Rick,
there is no official date yet, but we expect the Public EA program to start very soon. we will publish once it starts.
thanks, David
0 Kudos
genisis__
Nickel

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Does anyone know if CP are going to add a comments field on gateway properties for routes.  It's available in GAIA, but not for VSX routes.  This is something that would be really useful to keep track of routes.

Admin
Admin

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution
Don't believe this is planned, at least for R80.40.
0 Kudos
Blason_R
Silver

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Wondering if 80.40 has a backup VPN functionality? Or VPN redundancy with third-party vendors?

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

I had a customer asking for this "redundant remote access VPN" functionality as well.   I perceive that MEP is a site-to-site functionality and not relevant for remote access VPN (don't know for sure).

0 Kudos
CSR
Iron

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

IPsec VPN

  • Configure different VPN encryption domains on a Security Gateway that is a member of multiple VPN communities. This Option was much needed, looking forward to it. Thanks for including this change in R80.40. Alos, just wanted to confirm if SHA-512 is added for Hashing method inside S2S VPN configuration or not. Nowadays many of the Clients asking to use the SHA-512 for Integrity but its not available with Checkpoint yet (Till R80.30).

 

Thanks,

CSR

Re: R80.40 is Public EA now

Jump to solution

Since yesterday it is public EA.

0 Kudos